February 17, 2023

Trustworthiness of sensitive data research is about more than just privacy and security

Elizabeth Waind, DARE UK’s Senior Communications and Engagement Manager, shares her reflections on the trustworthiness of sensitive data research, and why we mustn’t lose sight of public benefit.

When we think about the trustworthiness of sensitive data research, the first thing that comes to mind is often privacy and security. Concerns around the risk to individual privacy and the potential for data misuse are front of mind, and for good reason. Sensitive data is data about people, and preventing harm to individuals and society as a result of its use is crucial.

Currently, however, the public’s desire for public good to be achieved with their data – through research to better understand and respond to their experiences and needs relating to education, health, housing, employment and more – is underrepresented in the national dialogue.

Over a decade of previous research – including a public dialogue carried out by DARE UK in 2022 – has shown that people want and expect their data to be used for good when it is done safely, securely and transparently. But the balance of trustworthiness is skewed by a climate of risk aversion based on privacy and security concerns, leading to inefficient data access governance processes and hindering the ability of researchers to carry out important work in the public benefit.

More efficient mechanisms for making sensitive data available to researchers in a safe and secure way are essential to maximising the public benefit of data research and better demonstrating trustworthiness.

The public perspective on trusted research environments (TREs)

Trusted research environments (TREs) are highly secure digital environments that provide access to sensitive data for analysis by approved researchers. Over the last decade, TREs have increasingly been developed and used as a solution to make sensitive data accessible in a secure way for research in the public good.

TREs operate in line with the Five Safes developed by the Office for National Statistics: Safe People, Safe Projects, Safe Data, Safe Settings and Safe Outputs. These measures significantly reduce the risk of data held in TREs being reidentified or misused, and a focus on public good increases the potential to benefit lives.

Participants of both DARE UK’s public dialogue and another of the same year by ADR UK (Administrative Data Research UK) and the Office for Statistics Regulation expressed positive reassurance and confidence in the ability of TREs to protect sensitive data, whilst accepting that no access to data is entirely risk-free. We therefore know that TREs offer a publicly acceptable solution to the safe and secure use of sensitive data for research in the public good.

But participants of these and other dialogues also expressed surprise at the long and complex processes researchers must go through to gain access to data – an issue highlighted in DARE UK’s summer report – and concern about differing data access processes across TREs. A 2021 dialogue commissioned by the National Data Guardian on making public benefit assessments when using health and care data similarly identified a desire for data access procedures to be standardised and streamlined for regular data applicants. These studies show that people don’t want governance to be excessively restrictive – they want it to enable rather than hinder public benefit research.

“Why do the people who need the data for research have to go through all the different institutes to get the information they need? It seems to be a lot of red tape. I also think it’s a bit worrying that different institutions have different levels of security.”
DARE UK public dialogue participant

It’s not about who, it’s about why

We also know that people are supportive of all kinds of researchers accessing their data – whether they be from academia, the charity sector or a commercial organisation – as long as it’s transparent and motivated by public benefit, and profits are not excessive. Participants of DARE UK’s dialogue felt that what is most important is not whether a researcher is from the public or the private sector, but rather that they are driven by the right intentions. Those who took part in a 2021 dialogue by the Geospatial Commission on the use of location data said they were happy with businesses using their personal data when the benefit to them or wider society is clear.

We need to find ways to collaborate positively with profit-making organisations, to draw on their knowledge and expertise, and this relies on strong governance. We don’t need to start from scratch – frameworks such as those developed by Understanding Patient Data and the Open Data Institute already provide comprehensive guidance to support the creation of trustworthy data partnerships and data stewardships.

Transparency and public involvement and engagement are also key. We need to raise general awareness and understanding about how and why sensitive data is being accessed for research. This will help to enable public confidence and address an environment of “tenuous trust” around public sector data use as identified by the Centre for Data Ethics and Innovation (CDEI) in a 2020 report [1]. Furthermore, we need the input of the public to make sure the research using their data is appropriately geared towards meeting their needs.

A greater emphasis on maximising the public good of data is needed

There is an understandable risk aversion amongst data collectors and custodians when making sensitive data available for research. Those responsible for the data need to make sure the privacy of individuals is protected, and that data is not susceptible to misuse which may cause harm to individuals or society.

But overly cumbersome and often repetitive data access and accreditation processes – particularly for those wishing to access multiple datasets held in different locations – are hindering the ability of researchers to carry out important, cross-domain research with real potential for public benefit. Existing research funding structures in the UK don’t easily allow for delays to research timelines caused by unpredictable data access processes; and research insights are only useful for as long as the data they are based on remains relevant.

If we don’t suitably balance the risks and benefits of sensitive data research, we will fail to meet public expectations around making the best use of data. People want to see efficient use of their data for public good, to improve their lives and strengthen their communities. There needs to be a greater emphasis on the public good of sensitive data research in our efforts to demonstrate its trustworthiness.

Elizabeth has been part of the DARE UK team since September 2021, prior to which she worked on communications and engagement for ADR UK (Administrative Data Research UK). Today is her last day with DARE UK before she goes to Canada to explore life across the pond.



[1] The 2020 CDEI report identified “an environment of tenuous trust in which data may be shared for valuable purposes, but the manner in which this is communicated to the public is primarily to limit a potential negative reaction, rather than active positive engagement. A lack of understanding and debate around what is publicly acceptable when it comes to data sharing and use may also create perverse incentives for departments to be less transparent about their work.”